VMware Sounds Ransomware Alarm Over Critical Severity Bug

by | May 28, 2021

Reading Time: 1 Minute

 

VMware patched a critical bug impacting its vCenter Server platform with a severity rating of 9.8 out of 10. The company said the flaw could allow a remote attacker to exploit its products and take control of a company’s affected system.

 

 

 

VMware went a step further on Tuesday, calling on IT security teams – already on high alert over an uptick in costly and destructive ransomware attacks – to patch systems fast.

“In this era of ransomware it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible,” wrote VMware’s Bob Plankers, technical marketing architect in a Tuesday post.

 

Critical Bug Impacts Critical Mass?

 

The vulnerability, tracked as CVE-2021-21985, impacts vCenter Server platforms, which is in widespread use and used to administer VMware’s market leading vSphere and ESXi host products.

Claire Tills, a senior research engineer with Tenable wrote in a post commenting on the bug, “patching these flaws should be a top priority. Successful exploitation would allow an attacker to execute arbitrary commands on the underlying vCenter host.”

 

See Also: PDF Feature ‘Certified’ Widely Vulnerable to Attack

 

 

Tills note exploiting the vulnerability is trivial. All an attacker would need to do is be able to access vCenter Server over port 443, she wrote. “Even if an organization has not exposed vCenter Server externally, attackers can still exploit this flaw once inside a network.”

Kenna Security’s director of security research Jerry Gamblin, however noted estimates of how many networks are vulnerable attacks is relatively small.

“Some early research from Rapid 7 shows that only around 6K’s VCenters are exposed directly to the internet, which makes the ‘blast radius’ tiny and the initial entry point into a network unlikely with this pair of CVES,” Gamblin wrote in an email commentary to Threatpost.

Gamblin is referring to both the critical CVE-2021-21985 bug and a second vulnerability reported by VMware on Tuesday, CVE-2021-21986. This second bug has a medium CVSS severity rating of 6.5 and is tied to an authentication mechanism issue in vCenter Server plugins.

 

 

See Also: Offensive Security Tool: Snallygaster

 

 

Breaking Down the Critical Bug

 

Workarounds and updates are available to mitigate both flaws, according to VMware.

“The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server,” VMware’s security bulletin states for the critical (CVE-2021-21985) bug. “The affected Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used.”

VMware’s Virtual San (or vSAN) is a software-defined storage solution that typically supports hyper-converged infrastructure. The Health Check plug-in “checks to monitor the status of cluster components, diagnose issues, and troubleshoot problems,” according to a VMware description of the tool.

VMware credited the researcher identified only as “Ricter Z” of 360 Noah Lab for finding the bug.

 


See Also:
Hacking Stories: Xbox Underground

 

 

 

 

 

 

Source: threatpost.com

 

 

(Click Link)

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This